YubiKey
Tuesday 13 May 2008
About a week ago, I listened to Steve Gibson from GRC talk about the RSA conference on Security Now podcast #141. There, at the RSA conference, he discovered an awesome authentication device called the YubiKey. This tiny little device is made by a Swedish company called Yubico. It's a one-time password generator that plugs into your computer's USB port and acts like a USB keyboard. However, unlike most USB keyboards, the YubiKey has only one button. Pressing this button causes the YubiKey to "type" an authentication token!

The YubiKey is similar in concept to the authentication token generators distributed by VeriSign, PayPal, and others. Okay, so how does the YubiKey compare?

With VeriSign-style devices, you look at a display, which shows you a six-digit number that changes every thirty seconds or so. When you want to authenticate yourself to an application (e.g., a VPN client or a web form), you manually transcribe that number. This works fine and I do it all the time.

With a YubiKey, instead of transcribing a number, you press its button, which causes the device to "type" your authentication token. First of all, this automated entry is much easier than transcribing. Also, because the process is automated, the authentication token can be much longer, and much more secure, than manually transcribed ones. The YubiKey actually generates 44-character long tokens.

A second advantage of the YubiKey is form factor. This device is freaking tiny. I doubt you could make a USB device any smaller. It weighs only two grams.

The third, and most important, advantage of the YubiKey is that you don't have to trust (or even establish a connection to) a third party like VeriSign in order to perform authentication. Yubico's business model is to sell the keys and distribute the authentication software as open source. Anyone can build YubiKey authentication into their own products or services.
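To make the 44-character token and the "build it into your own service" idea concrete, here is an added example (mine, not code from the post, from Yubico or from Steve Gibson) of what a self-hosted verifier has to do with the string the key types. The format details follow Yubico's published OTP specification: the key types a 12-character public identity followed by 32 characters encoding one 16-byte AES-128 block, both in Yubico's "modhex" alphabet, which is chosen so the token comes out the same on any keyboard layout. After the service decrypts the block with the key's shared AES secret (the AES step itself is left out here; only the parts around it are shown), it checks the CRC and rejects any counter value it has already seen, which is what makes the password one-time. The identity, counter and random values below are constructed, and the verifier's "last seen" state is an in-memory dict standing in for a database.

```python
# Added example: structural parsing and replay checking for YubiKey OTP tokens.
# Format (modhex alphabet, 12+32 split, plaintext layout, CRC-16 residual 0xF0B8)
# follows Yubico's public OTP spec; sample values are constructed for illustration.

MODHEX = "cbdefghijklnrtuv"  # maps to nibbles 0..15; survives any keyboard layout


def modhex_decode(text: str) -> bytes:
    """Decode a modhex string (what the key 'types') into raw bytes."""
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise ValueError("not a modhex string")
    nibbles = [MODHEX.index(ch) for ch in text]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def modhex_encode(data: bytes) -> str:
    """Inverse of modhex_decode."""
    return "".join(MODHEX[b >> 4] + MODHEX[b & 0x0F] for b in data)


def split_otp(otp: str) -> tuple:
    """A 44-char token = 12-char public identity + 32 chars encoding one
    16-byte AES-128 block. Returns (public_id, ciphertext_bytes)."""
    if len(otp) != 44:
        raise ValueError("YubiKey OTP must be 44 modhex characters")
    return otp[:12], modhex_decode(otp[12:])


def crc16(data: bytes) -> int:
    """CRC-16 used inside the OTP: reflected 0x1021 polynomial, init 0xFFFF
    (same as the PPP/HDLC frame check, so an intact block leaves residual 0xF0B8)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            lsb = crc & 1
            crc >>= 1
            if lsb:
                crc ^= 0x8408
    return crc


def build_plaintext(uid: bytes, counter: int, timestamp: int, use: int, rnd: int) -> bytes:
    """Construct the 16-byte block a key would encrypt (test helper only; a
    verifier never builds one). Layout: uid[6] | counter u16le | timestamp u24le
    | session-use u8 | random u16le | crc u16le (complement of CRC over the rest)."""
    body = (uid + counter.to_bytes(2, "little") + timestamp.to_bytes(3, "little")
            + bytes([use]) + rnd.to_bytes(2, "little"))
    return body + ((~crc16(body)) & 0xFFFF).to_bytes(2, "little")


def parse_plaintext(block: bytes) -> dict:
    """Parse a *decrypted* block. Decrypting with the wrong AES key yields
    garbage, which this CRC check rejects before any fields are trusted."""
    if len(block) != 16 or crc16(block) != 0xF0B8:
        raise ValueError("CRC check failed: wrong key or corrupted token")
    raw_counter = int.from_bytes(block[6:8], "little")
    return {
        "uid": block[:6],
        "counter": raw_counter & 0x7FFF,  # bit 15 is a caps-lock flag, not part of the count
        "timestamp": int.from_bytes(block[8:11], "little"),
        "use": block[11],
        "random": int.from_bytes(block[12:14], "little"),
    }


def accept_otp(state: dict, public_id: str, fields: dict) -> bool:
    """Replay check: the (counter, use) pair must strictly increase per key.
    A token that was captured and typed again carries an old pair and is refused."""
    seen = (fields["counter"], fields["use"])
    if public_id in state and seen <= state[public_id]:
        return False
    state[public_id] = seen
    return True


if __name__ == "__main__":
    # Constructed demo: pretend AES already turned the ciphertext back into this block.
    block = build_plaintext(bytes.fromhex("8792ebfe26cc"), counter=19, timestamp=0x1234, use=1, rnd=0xBEEF)
    public_id, _ciphertext = split_otp("vvcccccccccc" + modhex_encode(block))
    history = {}
    fields = parse_plaintext(block)
    print(public_id, fields, accept_otp(history, public_id, fields))  # accepted
    print(accept_otp(history, public_id, fields))                     # replay refused
```

In a real deployment the AES decryption sits between `split_otp` and `parse_plaintext`, the per-key secret and the last-seen counter live in a database keyed on the public identity, and the decrypted `uid` is compared against the identity registered for that key so one key's secret cannot vouch for another's public id.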

It works particularly well as an OpenID authentication mechanism.

Unfortunately, you can't use a YubiKey in situations where you are unable to physically plug in a USB device. This includes kiosks, but more importantly mobile devices like the iPhone. For those, you might have to stick to traditional token generators or clever things like Perfect Paper Passwords.

Steve later covered the YubiKey in more detail in Security Now podcast #143. But, by that time, I already had my own YubiKey attached to my key ring.